|
222021
|
8.2 |
HIGH
Network
|
matio_project
debian
|
matio
debian_linux
|
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.
|
CWE-125
CWE-908
Out-of-bounds Read
Use of Uninitialized Resource
|
CVE-2019-17533
|
2024-11-21 13:32 |
2019-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222022
|
7.5 |
HIGH
Network
|
belkin
|
wemo_switch_28b_firmware
|
An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleD…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-17532
|
2024-11-21 13:32 |
2019-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222023
|
7.8 |
HIGH
Local
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Cor…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-17530
|
2024-11-21 13:32 |
2019-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222024
|
7.8 |
HIGH
Local
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Co…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-17529
|
2024-11-21 13:32 |
2019-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222025
|
7.5 |
HIGH
Network
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Process…
|
NVD-CWE-noinfo
|
CVE-2019-17528
|
2024-11-21 13:32 |
2019-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222026
|
7.5 |
HIGH
Network
|
hydra_project
|
hydra
|
Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_head…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-17502
|
2024-11-21 13:32 |
2019-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222027
|
4.8 |
MEDIUM
Network
|
hotarucms
|
hotarucms
|
A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.1.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17522
|
2024-11-21 13:32 |
2019-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222028
|
6.5 |
MEDIUM
Network
|
landing-cms_project
|
landing-cms
|
An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerability that can change the admin's password via the password/ URI,
|
CWE-352
Origin Validation Error
|
CVE-2019-17521
|
2024-11-21 13:32 |
2019-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222029
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-846_firmware
|
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell met…
|
CWE-78
OS Command
|
CVE-2019-17510
|
2024-11-21 13:32 |
2019-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222030
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-846_firmware
|
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with she…
|
CWE-78
OS Command
|
CVE-2019-17509
|
2024-11-21 13:32 |
2019-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
